The Bullet-Proof Non Profit
John Couleur
NPower Arizona
November 2003
The Bullet-Proof Non Profit
• What this presentation will talk about
– What is business continuity planning?
– What are the costs associated with not
planning for disasters?
– What are some of the key elements of a DR/BC
plan?
– What are some good resources?
• What this presentation will not talk
about
– How to do a NT backup
• What would you like to discuss?
The Bullet-Proof Non Profit
• What is the difference between Disaster Recovery
and Business Continuity planning?
– Disaster recovery
• In the IS context, disaster recovery is the restoration of
computing and telecommunications services after an event
has disrupted those services. The event might be
something huge—like an earthquake or the terrorist
attacks on the World Trade Center, which killed thousands
and affected everything from telephones to the New York
Stock Exchange—or something comparatively small, like
malfunctioning software caused by a computer virus.
– Business continuity planning
• Business continuity planning (also called contingency
planning) determines how a company will keep functioning
until its normal facilities are restored after a disruptive
event. This encompasses how employees will be contacted,
where they will go and how they will keep doing their jobs
The Bullet-Proof Non Profit
• What is the cost of not planning for
disaster?
– The Northeast blackout of 2003 cost $1B
– One in three U.S. businesses would lose critical
data or operational capabilities if struck by a
disaster – Gartner 2003
– While reports vary, as many as 40 percent of
small businesses do not reopen after a major
disaster like a flood – American Red Cross
– 43% of the businesses suffering a disaster
never recover - London study May 03
The Bullet-Proof Non Profit
• How prepared are businesses for
disasters?
– More than 60 percent of IT departments did
not have formal plans and procedures in place
to deal with the blackout - Info Tech Research
– Although more than 76 percent of companies
surveyed said that the 2003 blackout had an
impact on their organization, most of them
admitted that they were not sufficiently
prepared - Info Tech Research
– About 30% of companies lack a formal disaster
recovery strategy, and 64% of companies say
their data backup and disaster recovery plans
have significant vulnerabilities – Imation 2003
The Bullet-Proof Non Profit
• The four steps to a successful
Business Continuity plan
– Assess
– Document
– Plan
– Manage
The Bullet-Proof Non Profit
• Assess
– Identify the risks
– Determine the vulnerability
– Analyze the impact to the business
• Probability and Cost
“A ounce of prevention is worth a pound
of cure‖
• Reduce the risk whenever possible
The Bullet-Proof Non Profit
• Half of the 877 IT directors interviewed for the research cited
human-related issues -- accidental errors and malicious behavior -
- as the main threat to the security of their business. Almost two-
thirds also cited hardware failure, while 59 per cent said software
failure and viruses are a significant threat – Veritas 2003
• The Risk list
– Electronic security
– Viruses
– Hardware failure
– Fire
– Power outages
– Physical security
– Flood
– Storms
– Civil unrest
– Sabotage
– Labor disputes
The Bullet-Proof Non Profit
• Document
– Business requirements
– Systems and software
– The other stuff
• Non computer generated forms
– Contact information of staff, vendors and
customers
The Bullet-Proof Non Profit
• Plan
– Response and Recovery priorities
– Roles and responsibilities during and after the
emergency
– Alternatives
• Office space?
• Computers?
The Bullet-Proof Non Profit
• Manage
– Train
– Test
• 87% of companies have a formal data backup and
storage plan implemented, but 32% of those
companies reported not testing their plans on a
regular basis - Imation
– Review and Update
The Bullet-Proof Non Profit
• Partnering with outside vendors to
reduce risk
– ASP’s
– Hot sites
• Online backups
– Cold sites
– Offsite storage
The Bullet-Proof Non Profit
• Some Good sites
– Sample DR plans
• Fema http://www.fema.gov/library/bizindex.shtm
• MIT http://web.mit.edu/security/www/pubplan.htm
• http://www.drj.com/new2dr/samples.htm
– Writing an outsourcing contract
• http://continuitycentral.com/feature002.htm
– If you want to believe that the problem can be
solved by spending $199
• http://www.securityauditor.net/drp/
The Bullet-Proof Non Profit
• From the bunker.net
―We offer our ex NATO nuclear bunker for
use in a disaster recovery plan. We can
provide hosting support and secure data
storage for white hot sites‖
The Bullet-Proof Non Profit
Questions